main/libtasn1: security fix (CVE-2016-4008). Fixes #5451

(cherry picked from commit 9802b7359f81e3b3aa657308501b7cdddbcfaf87)

2 files changed, 52 insertions, 5 deletions

diff --git a/main/libtasn1/APKBUILD b/main/libtasn1/APKBUILD
index 1527fd52ad..f8d6cc5314 100644
--- a/main/libtasn1/APKBUILD
+++ b/main/libtasn1/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libtasn1
 pkgver=3.6
-pkgrel=2
+pkgrel=3
 pkgdesc="The ASN.1 library used in GNUTLS"
 url="http://www.gnu.org/software/gnutls/"
 arch="all"
@@ -13,9 +13,11 @@ install=
 source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
 	CVE-2015-2806.patch
 	CVE-2015-3622.patch
+	CVE-2016-4008.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
+
 prepare() {
 	cd "$_builddir"
 	for i in $source; do
@@ -25,7 +27,18 @@ prepare() {
 	done
 }
 
-build() {
+prepare() {
+        local i
+        cd "$_builddir"
+        #update_config_sub || return 1
+        for i in $source; do
+                case $i in
+                *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+                esac
+        done
+}
+
+build() { 
 	cd "$_builddir"
 	./configure \
 		--build=$CBUILD \
@@ -40,12 +53,16 @@ package() {
 	make DESTDIR="$pkgdir" install || return 1
 	rm "$pkgdir"/usr/lib/*.la || return 1
 }
+
 md5sums="6ed38e161e11013054f2a2bb4c4da449  libtasn1-3.6.tar.gz
 4a0e850f458a1ae1a94f419e47e2390b  CVE-2015-2806.patch
-fbe5e8a0a79f3d46b4c214ddbc14166d  CVE-2015-3622.patch"
+fbe5e8a0a79f3d46b4c214ddbc14166d  CVE-2015-3622.patch
+536fc9b1ca168805b7c0131f8e6c5987  CVE-2016-4008.patch"
 sha256sums="19e34766a38abc74cec1863cc30c8a4e13f763310ecaf7a5e861ba1d143ea430  libtasn1-3.6.tar.gz
 203076736bcac3e31bc0f6e2c6b16db28d0e66e9e734656d27d2ee938443f4c2  CVE-2015-2806.patch
-02eb371e987731c6558a8870553d90c54feefc86de1ab6f8536bc9dd2728f105  CVE-2015-3622.patch"
+02eb371e987731c6558a8870553d90c54feefc86de1ab6f8536bc9dd2728f105  CVE-2015-3622.patch
+ef347ecb87acda6d472f568461be07729939a33fead0dbac3812d163551a0410  CVE-2016-4008.patch"
 sha512sums="c682cd7502c687e3a304216366fdbb9de62052cb5f3394bbe1172ccb5eae8fd00bbf7282ad642c58a6be5f1ad224353a4a3f7d9a6bad14ab7016d530883a5d9e  libtasn1-3.6.tar.gz
 7107e5a25208118994f508731f0d219734dc1f61d3ae991d6bacdcacf5759dbecf21b10e2ff49b7dc9f22af405fcd7480feeb93cc5d2854ff9311497431ca9f8  CVE-2015-2806.patch
-535784b109de72363c1efe02c42b60a0486c19270f9b8ffb53f08db2879a11f5c3e9072782631800da848ef0e95176223a2912752faa13b14ee36a81ae96c60d  CVE-2015-3622.patch"
+535784b109de72363c1efe02c42b60a0486c19270f9b8ffb53f08db2879a11f5c3e9072782631800da848ef0e95176223a2912752faa13b14ee36a81ae96c60d  CVE-2015-3622.patch
+0c2b639df74ea9ff386a429f499d5e4764efeed4686c8ec28bd18d75c07eba84bfe21b5780d2115aebefe6a54ffe87cc5fac28b82b00bc2f5a47c090d3bd8fd7  CVE-2016-4008.patch"
diff --git a/main/libtasn1/CVE-2016-4008.patch b/main/libtasn1/CVE-2016-4008.patch
new file mode 100644
index 0000000000..e487526649
--- /dev/null
+++ b/main/libtasn1/CVE-2016-4008.patch
@@ -0,0 +1,30 @@
+From 0be0b11a1d0c4029f362ab368a63bc267065b5bd Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Fri, 8 Apr 2016 13:48:30 +0200
+Subject: [PATCH] _asn1_expand_object_id: addressed crash when no value is
+ present is node
+
+With a specially crafted ASN.1 description _asn1_expand_object_id,
+passes a null pointer as p4->value to the function _asn1_str_cat,
+which expects a pointer to a string. This patch addresses the issue.
+Reported by Pascal Cuoq.
+---
+ lib/parser_aux.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index a42cdd2..52700c6 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -792,6 +792,9 @@ _asn1_expand_object_id (asn1_node node)
+ 		    {
+ 		      if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
+ 			{
++			  if (p4->value == NULL)
++			    return ASN1_VALUE_NOT_FOUND;
++
+ 			  if (name2[0])
+ 			    _asn1_str_cat (name2, sizeof (name2), ".");
+ 			  _asn1_str_cat (name2, sizeof (name2),
+-- 
+1.9.1